legacy systems study - texas€¦ · full replacement, depending on the characteris-tics of the...

19
LEGACY SYSTEMS STUDY Assessment and Recommendations PUBLIC REPORT Texas Department of Information Resources October 1, 2014

Upload: others

Post on 09-Jul-2020

0 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

LEGACY SYSTEMS STUDY

Assessment and Recommendations

PUBLIC REPORT

Texas Department of Information Resources

October 1, 2014

Page 2: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Contents

Executive Summary ......................................................... 1 Project Objectives ..................................................... 1 Analysis Approach .................................................... 2 Assessment Results .................................................. 2 Recommendations.................................................... 3

High-Level Findings ......................................................... 6 Architecture Analysis ............................................... 6 Mission-Critical Applications .................................... 6 Hardware and Software Components by Primary Functional Category .................................... 7 Legacy Remediation Cost Estimate .......................... 8 Average Age of Hardware Components ................... 8

Recommendation 1 Determine the Impact of Identified Security Risks and Prioritize Mitigation .................................. 9

Recommendation 2 Develop a Legacy Modernization Roadmap Strategy .................................................................... 9

Recommendation 3 Leverage DIR to Establish a Statewide Application Development Framework, Standardization and Consolidation ........................ 10

Recommendation 4 Seek Commercial Off-the-Shelf Solutions over Custom-Developed Solutions ......................... 12

Recommendation 5 Consolidate Reporting and Analytics into Consolidated Business Intelligence Services .......... 12

Recommendation 6 Implement Application Portfolio Management Practices ................................................................. 13

Appendix Functional Category Definitions ............................. 15

_____

Legacy Systems Study DIR Enterprise Solution Services [email protected]

Texas Department of Information Resources 300 West 15th Street, Austin, TX 78711-3563 www.dir.texas.gov

Page 3: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 1

Executive Summary

Texas is a diverse state—from the geography of

the landscape to the people who live here—and

the needs of state agency systems to serve the

public are just as diverse. As electronic records

and online transactions increasingly become the

standard for state government operations and

statewide service delivery, it becomes more crit-

ical to understand the investment in and man-

agement of the supporting information systems.

The Legacy System Study (LSS) was created by

the 83rd Legislature (House Bill 2738) to evalu-

ate the composition of the state’s current tech-

nology landscape and determine how best to ap-

proach and make decisions about an aging infra-

structure. A legacy system is defined in statute

as a computer system or application program

that is operated with obsolete or inefficient

hardware or software technology.

Much like the physical infrastructure of public

bridges and roads, the information technology

(IT) infrastructure must be maintained to ensure

continuity of service to the public. Aging systems

that are either costly or inefficient in operations,

or which simply do not have manufacturer sup-

port for the software, need prioritized attention.

This report offers a snapshot of current State of

Texas legacy systems, along with recommenda-

tions for possible solutions to this critical and

timely issue.

The Texas Department of Information Resources

(DIR) was directed by the state legislature to per-

form a study detailing the use of legacy systems

and software by state agencies (excluding insti-

tutions of higher education and agencies that are

statutorily exempt from reporting information to

DIR).

DIR’s Enterprise Solutions Services (ESS) team

worked collaboratively with the legislatively

specified agencies throughout the process to

carry out the study in the following four phases:

1. Strategize—Analyze House Bill 2738, then

formulate a plan to collect data and report to

state leadership

2. Gather—Develop a data dictionary for con-

sistency and assist the agencies in gathering

data

3. Analyze—Validate and analyze the data sub-

missions, then formulate recommendations

4. Report—Develop an assessment report and

identify high-value remediation targets with

estimates of costs

DIR completed the first two phases. To complete

the final two phases, DIR partnered with a major

international technology advisory company to

ensure broad technology expertise in perform-

ing the analysis and reporting. The project

team—made up of representatives from both

parties—employed proven frameworks and

methodology for establishing remediation prior-

ities and recommendations.

Project Objectives

The overall objective of this project is to under-

stand, at a high level, the breadth and cost of leg-

acy system remediation and modernization

across State of Texas agencies. The objective of

the report is to provide state leadership with

data on whether to replace or update aging sys-

tems. Meeting these objectives included

Determining the size, maintenance cost, and

risk of legacy systems within the state based

on data collected

Applying a standard, adaptable, methodology

to standardize and prioritize systems into

groups based on functional similarities, then

Page 4: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 2

increasing data quality with industry research

and state agencies’ perspectives

Determining feasibility of remediation for

groups of legacy systems and for high-value,

individual legacy systems by using industry

best practices

Objectively identifying modernization oppor-

tunities and associated estimated costs

Analysis Approach

The project required a great deal of analysis by

the project team to summarize the wealth of in-

formation gathered during the inventory phase.

This analysis was essential in forming meaningful

recommendations.

For a project of this scope, portfolio analysis

can be as broad or deep as desired—the de-

gree to which it can be either is a function of

the quality and availability of data and the time

available to conduct the analysis.

This report provides a broad analysis of state

agencies’ application portfolios (i.e., their col-

lections of IT systems, including related hard-

ware and software), and provides an evalua-

tion of technical condition, business value, and

cost of these state assets.

With the framework and tools provided by this

project, DIR and state agencies will be able to

continue the analysis to explore areas of inter-

est and gain deeper insights.

The recommendations in this report reflect the

broad analyses undertaken and identify steps

to continue progress in updating these IT sys-

tems, a process referred to as legacy moderni-

zation.

Assessment Results

The study identified more than 13,000 physical

and virtual server (hardware) instances and

100,000 software product instances that support

the state’s systems. In turn, these systems sup-

port more than 4,130 business applications.

Business application names are the high-level la-

bels used by the agency business and IT organi-

zations to easily reference a group of functions

provided by the systems.

The Legacy Systems Study found that over half of

the 4,130 business applications contained in

agency application portfolios are considered leg-

acy. This designation is based on whether a busi-

ness application relies upon hardware and soft-

ware technology that is no longer supported un-

der standard vendor support. In some cases, only

a small portion of the underlying technology is

legacy, but in the majority of cases, most of the

technology is outdated. Legacy business applica-

tions are more difficult and costly to support, are

less resilient, and are likely to carry a higher de-

gree of security risk.

The legacy portion of the statewide application

portfolio includes business applications of all

functional categories from across almost all

agencies. It encompasses large systems of rec-

ord, including many mission-critical business ap-

plications, as well as smaller systems. The legacy

applications cannot simply be dismissed because

agencies indicate that core, mission-related,

functions rely on these systems. This presents a

conundrum: these business applications are val-

uable, yet their technical underpinnings need to

be replaced or updated (remediated) to support

agencies’ IT needs.

There is a range of feasible remediation options

available for such legacy business applications,

from limited software and hardware upgrades to

full replacement, depending on the characteris-

tics of the application. The Legacy Systems Study

presents various options and maps them to dif-

ferent applications. When considering these op-

tions, it is beneficial to approach modernization

at a holistic or portfolio level so that system in-

terdependencies are considered.

Page 5: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 3

The state would also benefit from reducing the

number of software products and optimizing its

technology landscape to reduce costs and risks

associated with outdated or unsupported appli-

cations. For instance, there are many applica-

tions across the state that provide similar func-

tionality. Examples include applications related

to functional areas such as licensing services, or

technology areas such as reporting. In total,

agencies use over 4,200 unique software prod-

ucts, installed in over 100,000 instances, with

61% of these instances considered legacy. A re-

duction in the variance of software products

would reduce the size and complexity of the fu-

ture application landscape after remediation.

There are many reasons that the technology that

supports business applications becomes legacy.

The demand for IT always outpaces supply, and

agencies must balance investments in systems

that support daily activities and provide immedi-

ate business value with technology mainte-

nance, which provides less tangible benefits in

the short term. As the state continues to attract

more citizens and experience significant busi-

ness growth, the demand for state-provided ser-

vices increases. Because agencies are often una-

ble to add staff to meet the growing demand for

services, there becomes an increased depend-

ency upon automation to meet that need. Over

time, technical debt accumulates and becomes

harder to reconcile.

The current annual ongoing cost of the state’s

legacy portfolio, based on support effort and

software license fees, is over $300 million. Based

on a formula for a high-level remediation cost es-

timate at a portfolio level, the one-time cost to

remediate the technical debt within legacy busi-

ness applications on an agency-by-agency basis

will likely exceed $450 million when not taking

into account opportunities to share services. The

cost and complexity of individual legacy business

applications is substantial, and consolidation

would avoid redundant remediation effort.

Recommendations

Recommendation 1. Agencies should develop a

prioritized impact analysis and mitigation plan of

identified legacy system security risks.

If agencies understand and prioritize the impact

of replacing and/or upgrading aging infrastruc-

ture, business decisions can be made more eas-

ily. The identified risks are primarily a result of

running older software and hardware that can

no longer be updated with security fixes, nor

support modern security implementations.

These mitigations would not imply a full legacy

modernization, but would target security risk

mitigation. Such an analysis can result in a strat-

egy that allows for targeted upgrades that could

be implemented in phases based on available re-

sources.

Recommendation 2. Amend Texas Government

Code (TGC), Chapter 2054 to authorize DIR to de-

velop a legacy modernization strategy and to col-

laborate with agencies to use comprehensive

strategies, developed as part of the Legacy Sys-

tems Study and identified in this report, as guid-

ance in their legacy modernization efforts.

This recommendation would allow the state to

take the next step toward developing a modern-

ization strategy, both at the state level and in

concert with agencies at the agency level. The

Legacy Systems Study indicates a number of ar-

eas of prioritization based on the business value,

technical quality, and cost of business applica-

tions. The Legacy Systems Study identifies reme-

diation options, including a preliminary mapping

to business applications. However, this study is

not a comprehensive strategy toward legacy

modernization.

Page 6: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 4

Recommendation 3. Amend TGC 2054 to author-

ize DIR to build upon the legacy modernization

strategy by

Establishing a statewide application develop-

ment framework—A framework is a recom-

mended approach that provides direction and

structure for agencies to follow. Currently,

there is no statewide framework for software

application development.

Facilitating standardization and collabora-

tion—A modernization strategy is a roadmap

for pursuing opportunities for technology

standardization, reducing the variety of tech-

nologies within the statewide portfolio, and

seeking opportunities to consolidate business

applications into fewer solutions, both within

and among agencies.

Achieving economies of scale by leveraging

agency investments—As part of the Legacy

Systems Study, DIR sponsored a workshop

with many agencies where representatives in-

dicated an interest in common solutions and

technologies among agencies. This shared ap-

proach would yield long-term cost reduction

and operational benefits.

Recommendation 4. As part of a legacy modern-

ization strategy leveraging common solutions,

agencies should prioritize commercial off-the-

shelf (COTS) solutions over custom-developed

replacement solutions.

Standardization and consolidation should in-

clude an emphasis on shared solutions including

those delivered as services through the cloud

(i.e., via the Internet instead of through an or-

ganization’s own technology infrastructure)

where possible, reducing the number of custom-

developed business applications. The analysis of

software components indicates that there is a

high degree of custom-developed solutions,

even in application categories where there are

off-the-shelf solutions available. While agencies

have diverse business needs, custom applica-

tions that create a solution from the ground up

may not be needed.

Recommendation 5. Amend TGC 2054 to author-

ize DIR to implement a shared (multi-tenant) re-

porting services and business analytics pilot to

determine the viability of a statewide solution.

Such a capability provides administrative ser-

vices and tools to manage the IT function, includ-

ing software tools that manage data reporting

and business analytics (data analysis that reveals

trends and enables predictions for optimization

of business performance). This would allow

agencies to consolidate disparate software and

hardware onto a consolidated platform. Such a

platform, offered as a service, would accelerate

remediation of legacy reporting applications and

provide higher level business intelligence capa-

bilities to agencies.

Recommendation 6. Amend TGC 2054 to author-

ize DIR to establish a voluntary pilot program

that provides statewide application portfolio

management (APM) practices and toolsets for

agencies to implement any recommendations

following the Legacy Systems Study. An APM

would help agencies approach their IT manage-

ment from a global perspective, improve

statewide application management, and provide

opportunities for efficiencies. In the current en-

vironment, there is limited active portfolio man-

agement to guide decision-making for IT invest-

ment, or to balance business needs that drive

functionality with the requirements of maintain-

ing the technology landscape and sustaining

business applications. DIR is well positioned to

assist with the statewide perspective of portfolio

management: it has insight into agency portfo-

lios and direction and can provide advice on

Page 7: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 5

pragmatic application consolidation that yields

long-term benefits.

Note that all recommendations are based on and

related to only the agencies included in the

study.

_____

Texas attracts nearly half a million new citizens

annually and is prospering due to a positive busi-

ness climate, desirable quality of life, favorable

cost of living, and an independent spirit. These

characteristics challenge state government to

ensure that Texas retains its national leadership

position and continues to provide statewide ser-

vices that meet the needs of its citizenry. Agen-

cies depend upon their IT systems to deliver

state services and must be in a position to grow

these systems in an agile and fiscally responsible

manner.

This study, and the resulting recommendations,

present a unique opportunity to fully understand

the health of these systems and the actions nec-

essary to operate an efficient and cost-effective

state government.

Page 8: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 6

High-Level Findings

Architecture Analysis

The state’s application portfolio comprises more

than 4,130 business applications supported by

the state’s systems. Of these, approximately 58%

are listed as legacy because they contain legacy

components. In most cases, these legacy busi-

ness applications are supported by both legacy

software and hardware:

52% of the legacy applications use both out-

dated hardware and software

20% of the legacy applications use outdated

hardware

28% of the legacy applications use outdated

software

Mission-Critical Applications

Approximately 36% of the entire state applica-

tion portfolio is deemed mission critical by agen-

cies, while 64% is not mission critical.

Almost two-thirds of the mission-critical applica-

tions have legacy components, while the remain-

ing third is current. Just over half of non-mission-

critical applications are considered legacy, while

the remaining are current.

Overall, the mission-critical applications have a

higher legacy ratio than non-mission critical ap-

plications.

The remainder of this section presents the results of high-level analysis of the state’s business applica-

tions, which have been grouped according to 33 functional categories. DIR asked agencies to categorize

their business applications by function, realizing that a single agency-identified business application could

provide functionality in multiple categories. Agencies provided up to three prioritized categories per busi-

ness application.

Note: The functional categories are identified by short names or keywords in the charts and text below.

Each functional category is more fully defined in the Appendix (page 15).

Page 9: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 7

Hardware and Software Components by Primary Functional Category

Business applications are made up of hardware

and software components. The largest numbers

of these components are related to the following

functional categories:

Licensing/Permitting/Monitoring/

Enforcement

Business Automation

Systems Management

Reporting Systems

Web Systems

Content Management Systems

Enterprise Resource Planning

The legacy ratio between the hardware compo-

nents or software products is not significantly

different among the categories.

Hardware Components by Primary Application Category Software Components by Primary Application Category

Page 10: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 8

Legacy Remediation Cost Estimate

A high-level remediation cost estimate for the

entire legacy application portfolio across all

functional application categories is approxi-

mately $450M. The majority of remediation cost

is within the functional categories identified as

focus areas:

Business Automation

Content Management Services

Reporting

Licensing/Permitting/Monitoring/

Enforcement

Enterprise Resource Planning

Customer Relationship Management

Systems Management

Search

Average Age of Hardware Components

The average age of existing hardware compo-

nents varies across functional categories, though

not significantly. These averages would be ex-

pected to be lower when subject to a more uni-

form refresh cycle (the industry standard is to re-

fresh hardware every three to five years).

High-Level Estimate of Legacy Remediation Cost by Business Application Category

Average Age of Hardware Components

Page 11: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 1 9

Recommendation 1

Determine the Impact of Identified Security Risks and Prioritize Mitigation

Agencies should develop a prioritized impact

analysis and mitigation plan of identified legacy

systems’ security risks. Agencies reported a

number of applications that have unresolved se-

curity risks introduced by relying on legacy sys-

tems. These security risks include the inability to

implement updates on older software, as well as

implementation configurations that diminish se-

curity capabilities. A number of the involved ap-

plications provide significant business value, and

some are mission critical. These applications can-

not wait for legacy remediation—the identified

security vulnerabilities must be addressed as

soon as possible.

Even if applications are “behind the firewall”

(guarded by network protections), it is impera-

tive to have all known security risks mitigated

with urgency. This likely requires operating sys-

tem or software product upgrades, or both. At

minimum, the impact is time and effort for im-

plementation and testing. In some cases, de-

pendencies between software products (and po-

tentially between software and hardware com-

ponents) require broader updates. A key step is

to identify these dependencies and develop a

plan to resolve the security risks with considera-

tion for the amount of change and relative im-

pact.

An impact analysis and remediation of these

risks would:

Determine the potential impact of the security

risks identified by agencies

Develop the most expedient and least disrup-

tive approach to mitigate the risks

Implement mitigation initiatives

Prioritizing the impact analysis and risk mitiga-

tion has the following benefits:

Reduces the potential vulnerability of agency

applications and data

After mitigating the risk with minimal solu-

tions, reprioritizes further remediation based

on the overall legacy remediation strategy

Recommendation 2

Develop a Legacy Modernization Roadmap Strategy

Amend TGC 2054 to authorize DIR to develop a

legacy modernization strategy and collaborate

with agencies to use the comprehensive strate-

gies as guidance in their legacy modernization ef-

forts.

Many of the remediation options are complex.

Large-scale modernization efforts carry a signifi-

cant amount of risk that can be reduced by de-

veloping a structural, yet pragmatic, approach

toward implementation.

This study assessed the statewide application

and technology portfolio, resulting in a number

of findings. Key among the findings is that the

legacy issue is widespread, both among agencies

and among application categories. It will take a

significant amount of effort and investment to

remediate the portfolio and reduce the risks as-

sociated with legacy systems, including security

vulnerabilities and lack of timely support. A com-

prehensive roadmap at the statewide level to

guide agency initiatives would drive the effort to

Page 12: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 3 10

remediate the legacy portfolio at both state and

agency levels.

A legacy modernization strategy would:

Identify specific initiatives to remediate legacy

applications

Prioritize initiatives across agencies based on

business value and risk reduction

Develop a mechanism to track the effective-

ness of these initiatives

Establish milestones, metrics, and validation of

outcomes

Implementing a legacy modernization strategy

would provide the following benefits:

Maximizes the technology investment in terms

of business value

Ensures the proper prioritization of initiatives

Ensures the use of effective and common ap-

proaches across agencies

Recommendation 3

Leverage DIR to Establish a Statewide Application Development Framework, Standardization, and Consolidation

Amend TGC 2054 to authorize DIR to establish a

statewide application development framework

and to facilitate standardization and collabora-

tion, achieve economies of scale, and leverage

agency investments.

Recommend that DIR create a function to pro-

vide strategic information technology advice and

guidance to state agencies through direct en-

gagement to promote enterprise architecture

standards, collaborative communities, and

awareness of technical initiatives.

Statewide Application Development

Framework

The current statewide application portfolio is a

collection of agency portfolios: there is no partic-

ularly strong, coordinated driver to seek econo-

mies of scale or leverage agencies’ investments

at other agencies. There are some examples of

such collaboration at the agency level, but it is

not approached systemically. Objectives ex-

pressed in other recommendations, including

standardization and implementing a preference

for commercial off-the-shelf (COTS) solutions,

depend on a common partner to facilitate collab-

oration among agencies and to present a cohe-

sive approach to the Legislature. DIR is uniquely

positioned to perform this role.

Leveraging DIR to establish a statewide applica-

tion development framework would:

Facilitate consistent, structured cross-agency

engagements such as round–table discussions

and an application-based coordinating council

Build a community of interest

Seek ways to leverage common solutions

Enable DIR to actively pursue opportunities to

drive value from agency technology invest-

ments

Implementing a statewide application develop-

ment framework would have the following ben-

efits:

Actively implements a framework that will be

used to create a statewide legacy moderniza-

tion program

Facilitates collaboration and alignment of ap-

plication development practices among agen-

cies

Enables the recommendations to improve

standardization and increasing the use of COTS

solutions

Page 13: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 3 11

The need to modernize legacy systems is a chal-

lenge as well as an opportunity. Rather than im-

plementing modernization as a technology-cen-

tric program, DIR can help to approach modern-

ization from an application perspective. As tech-

nology infrastructure becomes more commodi-

tized over time, the majority of cost, as well as

business benefits, are a result of organizations’

application strategies. At this stage, most agen-

cies do not have a strong discipline in this area,

and legacy modernization provides the impetus

for a statewide perspective.

Standardization and Consolidation

Amend TGC 2054 to authorize DIR investigate

the opportunity to standardize technologies for

common agency solution areas. This could re-

duce redundancy, provide better insight into

data, and leverage skills across agencies. By fo-

cusing less on the technology and more on the

implementation of the technology, the state

could develop best practices for functional areas

among agencies. The first step of the investiga-

tion would be to develop a model to quantify the

potential benefits and metrics to measure suc-

cess.

Agencies use a number of similar applications

across similar business functions, but these ap-

plications are often implemented with different

technology products, which overlap in function-

ality. Instead of approaching these applications

as unique solutions, common approaches and

technologies can be leveraged by multiple agen-

cies. A number of applications in different cate-

gories, including Customer Relationship Man-

agement (CRM), Enterprise Resource Planning

(ERP), Licensing / Permitting / Monitoring / En-

forcement (Licensing), and Search, are currently

in legacy status and need to be remediated. In-

stead of addressing these applications individu-

ally, DIR should facilitate working groups and col-

laboration with agencies to perform application-

level analysis to determine commonalities and

pursue common solutions.

Standardization and increased shared solutions

would:

Replace distributed technologies with com-

mon solutions

Introduce best practices-based approaches

across agencies

Potentially replace distributed hardware with

centralized and shared hardware

Establish common test environments for agen-

cies to quickly ramp-up projects

Standardization and increased shared solutions

have the following benefits:

Improves the time-to-market to deploy solu-

tions through shared knowledge and experi-

ence

Encourages collaboration among agencies

across the state

Develops an understanding of common data

and encourages sharing data among different

agencies in the same business areas

Allows for sharing of expertise and skills

Page 14: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 4 12

Recommendation 4

Seek Commercial Off-the-Shelf Solutions over Custom-Developed Solutions

As part of a legacy modernization strategy, the

state should seek to prioritize the implementa-

tion of COTS-based solutions wherever it makes

practical sense. COTS solutions include cloud-

based implementations, particularly Software-

as-a-Service (SaaS, or sharing applications) and

Platform-as-a-Service (PaaS, or sharing the tech-

nology to build applications) solutions.

Of the many business applications in use across

agencies, there is an emphasis on custom-devel-

oped solutions. Although the use of a COTS prod-

uct as the main solution is not explicitly tracked,

the number of COTS products among the most

commonly used software in application catego-

ries is limited. The number of different software

products in use is large, and there are many spe-

cific solutions. In many cases where agencies

have embarked upon legacy modernization pro-

grams, they have adopted a preference for

COTS-based solutions over custom-developed

replacement, especially for slowly evolving sys-

tems that provide transactional functionality.

A preference for COTS-based solutions over cus-

tom-developed solutions would:

Replace existing legacy custom applications

with COTS-based solutions

Standardize COTS products across agencies in

similar functional areas

Leverage industry best practices, embedded in

COTS solutions, to support future state busi-

ness processes across agencies

Implementing a higher degree of COTS solutions

would have the following benefits:

Reduce the complexity of the statewide appli-

cation portfolio

Reduce the number of technologies

Reduce the dependency on specialized re-

sources only found within a small number of

agencies

Encourage collaboration among agencies

across the state

Encourage data sharing data between differ-

ent agencies in the same business areas

Recommendation 5

Consolidate Reporting and Analytics into Consolidated Business Intelligence Services

Amend TGC 2054 to authorize DIR to implement

shared (multi-tenant) reporting services and

business analytics capabilities. This could reduce

redundancy, provide better insight into data,

and standardize skills across agencies. By reduc-

ing agencies’ need to focus on distributed re-

porting technology, they would be better

equipped to focus on establishing and tracking

key performance indicators.

Many agencies deploy reporting and data ware-

housing capability, either as a focused applica-

tion category or as part of business automation,

Customer Resource Management (CRM), and

other types of applications. Agencies use a vari-

ety of reporting tools, and a significant portion

are considered legacy. In some cases, reporting

is performed against applications’ operational

databases, but in other cases (and following best

practices), agencies establish separate reporting

databases.

Page 15: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 6 13

There is an opportunity to consolidate reporting

capability into a shared service, which would

provide agencies with the tools and technologies

needed to perform reporting and/or data ware-

housing, especially in cases where agencies uti-

lize separate reporting databases.

This shared service would:

Provide agencies with consolidated, up-to-

date, and maintained tooling

Replace distributed reporting hardware with

centralized and shared hardware

Provide standardized and powerful data

cleansing and aggregation tools

A shared reporting service has the following ben-

efits:

Reduces the proliferation of hardware and

software related to common reporting func-

tions

Encourages sharing of data and establishment

of master data across the state

Reduces the risk of reporting applications be-

coming legacy in the future

Allows for sharing of expertise and skills

Recommendation 6

Implement Application Portfolio Management Practices

Amend TGC 2054 to authorize DIR to establish a

voluntary pilot program that provides statewide

application portfolio management (APM) prac-

tices and toolsets supporting agency implemen-

tation of any recommendations following the

Legacy Systems Study. This could provide con-

sistency in the data, enabling reliable review and

continuous improvement across the state enter-

prise. It also allows agencies opportunity to col-

laborate more effectively on similar business re-

quirements. It may be one of the first steps to

deploying statewide Master Data Management,

Application Programming Interface (API) service

registry, and Enterprise Service Bus solutions.

APM’s goal is to describe the inventory of appli-

cations and the resources (e.g., money, staff

time, infrastructure) required to provide opera-

tional support of those applications over their

lifetime. APM is closely related to governance

and how an agency ensures that applications are

aligned with agency business needs, enterprise

architecture (alignment of people, processes,

technology), and tracking of effective metrics to

measure the cost/value proposition of applica-

tions relative to each other within an agency (or

state) portfolio. APM should guide the invest-

ment decisions for an application’s lifecycle, par-

ticularly balancing between adding features,

maintaining infrastructure currency, and mod-

ernizing the platform. Effective implementation

of APM is an indicator of an organization’s infor-

mation technology services maturity and its abil-

ity to respond to business requirements.

Application portfolio management is used to:

Identify application investment requirements

Identify and tracks costs

Establish application lifecycle expectations (at

least estimations)

Measure, report, and adjust values and expec-

tations

Track against original expectations

Track large changes to requirements over the

life of the application

Application portfolio management provides the

following benefits:

Page 16: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 6 14

Ensures ease of ongoing visibility to applica-

tions’ relative business value

Guides the business and information technol-

ogy organizations in prioritization

Enables rationalization across business,

agency, and enterprise where possible

Page 17: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 15

Appendix

Functional Category Definitions

Application Development (AppDev)

Components related to the development and

maintenance of applications.

Backup/DR Systems (Backup)

Components related to disaster recovery, data

backup, and business continuity.

Business Automation (Business)

Manages the integration of systems via mes-

saging, transformation of data, and scheduling

of transactions.

Content Management Systems (CMS)

Includes document management (born-digital

documents, not scanned), electronic records

management, web-content management,

knowledge management, search and retrieval,

content categorization (taxonomy), digital

preservation, and email archiving.

Customer Relationship Management (CRM)

Includes service and support systems designed

to increase the productivity and efficiency of

support staff who are required to support con-

stituents and service requestors. This is a

front-office customer service and support cat-

egory.

Data Warehousing (DW)

Includes reporting, analytics, and business in-

telligence in order to support data analysis and

decision-making tasks.

Desktop Productivity (Productivity)

Equipment, applications, or services used to

aid employees with their productivity.

Document Management Systems (DocMgmt)

Includes different aspects of converting paper

documents to electronic form, such as imag-

ing, scanning, indexing, electronic forms, back-

file conversion, workflow, optical character

recognition, computer output to laser disk,

and computer output to microfiche.

E-Commerce (Ecomm)

The buying and selling of products or services

conducted over electronic systems such as the

Internet and other computer networks. Elec-

tronic commerce draws on technologies such

as mobile commerce, electronic funds trans-

fer, supply chain management, Internet mar-

keting, online transaction processing, elec-

tronic data interchange (EDI), inventory man-

agement systems, and automated data collec-

tion systems.

Enterprise Resource Planning (ERP)

Includes the administration of an organiza-

tion’s financial and human resources back-of-

fice systems that include general ledger, ac-

counts payable, accounts receivable, budget-

ing, inventory, asset management, billing, pay-

roll, projects, grants, payroll, and time and la-

bor.

ERP Secondary (ERP Secondary)

Ancillary accounting applications that gather

and feed data to a primary accounting system

(cash management, employee time, and leave

tracking).

Fax Services Systems (Fax)

Fax Services Systems allows for the produc-

tion, retrieval, storage, and printing of faxes to

and from the agency.

Page 18: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 16

File Services (File)

Standard file and data storage used for daily

business operations.

Fleet Management (Fleet)

The management of a company’s transporta-

tion fleet. Fleet management includes com-

mercial motor vehicles such as cars, ships,

vans, trucks, and rail cars. Fleet management

can include a range of functions, such as vehi-

cle financing, vehicle maintenance, vehicle

telematics (tracking and diagnostics), driver

management, speed management, fuel man-

agement, and health and safety management.

Geographic Information Systems (GIS)

Includes the capturing, storing, updating, ma-

nipulating, analyzing, displaying, and/or online

publishing of geographically referenced infor-

mation.

Identity Management (IAM)

Includes components providing authentication

and authorization, such as single sign-on, digi-

tal certificates, etc.

Legislative Tracking (Legislative)

Data repository used to track new and old leg-

islation that may apply to an agency. Allows

the agency to plan for, respond to, and man-

age change resulting from the legislation.

Licensing/Permitting/Monitoring/Enforcement

(Licensing)

Includes systems that support licensing and/or

permitting functions of the agency, and/or re-

lated activities such as compliance monitoring

and enforcement.

Messaging/Email Systems (Email)

Components supporting messaging systems,

including email, instant messaging, and their

security.

Online Web Forms (WebForms)

Web-based online forms for data entry to a

back-end system.

Print Services (Print)

Devices providing standard print services func-

tion for daily business operations.

Procurement (Procurement)

The acquisition of goods, services, or works

from an outside external source.

Reporting Systems (Reporting)

Toolsets and applications that have the proper

drivers to attach to databases and provide re-

porting for the various agency needs.

Search System (Search)

Tool for searching back-end systems.

Security Systems (Security)

Includes network and client-based firewall and

virtual private network (VPN) deployments; in-

trusion prevention or detection systems

(IPS/IDS); server-based access controls (e.g.,

biometrics, smart cards/other one-time pass-

word tokens); encryption (for data in transit,

files, public key infrastructure); IT security de-

sign reviews; vulnerability scanning, assess-

ment and testing; malware blocking tools (e.g.,

application-level attack blocking, virus, spy-

ware, adware, and spam management); auto-

mated patch management and security policy

compliance tools; physical security for IT as-

sets; and the implementation of forensics, risk,

or security assessment tools.

Page 19: LEGACY SYSTEMS STUDY - Texas€¦ · full replacement, depending on the characteris-tics of the application. The Legacy Systems Study presents various options and maps them to dif-ferent

Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 17

Systems Management (SysMgmt)

Systems management addresses technologies

used to manage and monitor the network,

servers, applications, and other elements of

the IT infrastructure, which can include sys-

tems management and monitoring, perfor-

mance management, change and release man-

agement, and software distribution.

Telephony Systems (Telephony)

Includes interactive voice response (IVR), voice

over Internet protocol (VoIP), hosting and

management of call centers or contact cen-

ters.

Terminal Access Systems (Terminal Access)

Services that allow connectivity to external

systems with which the agency must share

data. For example, connectivity to applications

from the Texas Comptroller of Public Accounts

that make up the agency primary accounting

system. Also includes remote access compo-

nents such as Citrix, XenApp, Radius, etc.

Timekeeping Systems (Timekeeping)

Agency system used to document time spent

by staff on projects.

Training (Training)

Provide interface for presenting training mate-

rials and tracking completion.

Utility Systems (Utility)

These may be hosted domain name system

(DNS) services, dynamic host configuration

protocol (DHCP) services, virtualization ser-

vices, system monitoring, logical security ser-

vices, terminal emulation services, remote ac-

cess services, or others that are applied to one

or more other servers.

Videoconferencing/Web Broadcasting

(VideoConferencing)

Includes two-way analog or IP-based video-

conferencing, as well as IP-based video broad-

casting (one-way, one-to-many, and replay).

Web Systems (Web)

Public facing or internal agency websites and

their supporting components (security, moni-

toring, etc.); includes FTP sites.